Wireless Access

Reply
Occasional Contributor II

Need help with Captive Portal/splash page setup

Community,

 

I am trying to implement the captive portal/splash page on one of my SSIDs but am having a heck of time figuring out how to do it. I have an SSID (Virtual AP) called CDT-Green. The SSID is currently using WPA2 PSK with AES for its authentication. I would like users of this network to be redirected to the Captive Portal once they authenticate using the password. However, I am having trouble finding where to apply the captive portal profile to this SSID. I looked everywhere and cant find where to apply it. Could someone please give me a guide on how to apply captive portal profiles to an SSID? Any requirements I need to be aware of etc?

 

Thanks so much!

Re: Need help with Captive Portal/splash page setup

Hey, take a look at the below. You'll need to make sure that the Captive Portal is referenced in your initial role (logon) so that the re-direct occurs. Don't forget the client will also need a working DNS server as well fo the Captive Portal to be displayed!

 

http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/Captive_Portal.php

 

Or if you are using a later version :)

 

www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Content/ArubaFrameStyles/Captive_Portal/Captive_Portal.htm


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Need help with Captive Portal/splash page setup

Zalion,

 

Thank you for the links, those are helpfule. Two questions:

 

1) Does the SSID have to be set for no other forms of authentication for the redirect to work? Currently the SSID is set to use WPA2 PSK. I applied the default captive portal profile to the User Role but its not redirecting.

 

2) Do I need to have a valid server certificate applied on the WLC in order to use captive portal? 

 

Thanks.

Re: Need help with Captive Portal/splash page setup

Hey, 

 

1) You can use any kind of encryption with this whether it is Open/PSK etc. This merely encrypts the traffic between the client and the AP. What do your User Role look like (#show rights XXXX) ? Is it referenced in the AAA profile as the Initial Role?

 

2) Preferably you would need a valid server certificate. All Aruba controllers shipped with a certificate which was recently revoked by the CA. As a result of this the cert is not trusted by devices. For testing purposes you can also configure the Captive Portal to use HTTP (the credentials are not encrypted) just to confirm your configuration is correct.


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Need help with Captive Portal/splash page setup

Zalion,

 

Here is the output of some show commands that might help:

 

(wlan01.cedardoc.com) #show rights

RoleTable
---------
Name ACL Bandwidth ACL List Type
---- --- --------- -------- ----
CDTGreen_Role 84 Up: No Limit,Dn: No Limit global-sacl/,apprf-CDTGreen_Role-sacl/,CDTGreen_Policy/ User

 

(wlan01.cedardoc.com) # show ip access-list br

Access list table (4 - IPv4, 6 - IPv6)
--------------------------------------
Name Type Use Count Roles
---- ---- --------- -----
CDTGreen_Policy session(4) 1 CDTGreen_Role

 

ip access-list session CDTGreen_Policy
CDTGreen_Policy
---------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 any any svc-dhcp permit Low 4
2 any any tcp 443 permit Low 4
3 any any tcp 80 permit Low 4
4 any any udp 53 permit Low 4

 

wlan virtual-ap "CDTGreen"
aaa-profile "CDTGreen_AAA"
ssid-profile "CDTGreen_SSID"
no vap-enable
vlan 1109
deny-inter-user-traffic

 

aaa profile "CDTGreen_AAA"
initial-role "CDTGreen_Role"
authentication-dot1x "dot1x_prof-ckz60"

 

user-role CDTGreen_Role
captive-portal "default"
access-list session global-sacl
access-list session apprf-CDTGreen_Role-sacl
access-list session CDTGreen_Policy

 

Re: Need help with Captive Portal/splash page setup

Your initial role (CDTGreen_Role) is missing the parts to re-direct to the Captive Portal. Chang your initial role to be "logon" and this will re-direct to Captive Portal (don't forget to assign your Captive Portal to the logon role).

 

 


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Need help with Captive Portal/splash page setup

Do you mean I need to change the "initial role" in the CDTGreen_AAA profile to be "logon"? or somehwere else? The only place I see to specify the captive portal profile is in the CDTGreen_Role role, and that is being referenced by the CDTGreen_AAA profile. Im very confused, sorry. Just too many profiles to keep track of in this WLC.

 

Thanks.

Re: Need help with Captive Portal/splash page setup

Hey, exactly that! Change initial-role in the AAA profile to be logon. Don’t forget to change the captive portal under the logon role like you did before

Sent from my iPhone

ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Need help with Captive Portal/splash page setup

Zalion,

 

I think I see what youre saying now. The "captiveportal" policy was not added to the CDTGreen_Role user role so it wasnt redirecting. However, the "logon" user role does have the "captiveportal" policy. I went ahead and changed my inital role to "logon" and added the "default" captive portal profile to the "logon" role. But now im faced with a different issue. When I go to say www.yahoo.com, I believe the traffic is being redirected but the web page coming up is not the default "Aruba" captive portal web page. Chrome just kicks back saying my connection isnt private and I can see my controller certificate is being used. I cant get to any websites on the internet, im not sure where the redirect is getting stuck. Could it be a DNS issue where 8.8.8.8 cant resolve the controller IP?

 

Thanks.

Occasional Contributor II

Re: Need help with Captive Portal/splash page setup

Nevermind, it is redirecting as expected. Thanks for the help Zalion! 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: